Developing an Effective Defense

As cyber attacks against U.S. government and private networks have increased in severity in recent years, the Congress and President have actively sought to identify, with the assistance of the U.S. private sector, conditions in U.S. law that could be hampering America’s development of an effective defense against such attacks, and to change those conditions in ways that preserved, as much as possible, legal provisions intended to protect privacy and civil liberties interests.

Congress has passed legislation to change statutory provisions that had an unintended effect of hindering the government’s or private sector’s ability to identify and defend against these attacks.  The two most recent Congresses passed at least five major pieces of cybersecurity legislation that the President signed into law. Although “[m]ore than 50 statutes address various aspects of cybersecurity,” according to Congressional Research Service, we can expect more.  Members of Congress continue to introduce numerous bills addressing cybersecurity issues.  A search of the Congress.gov legislation database reveals that over 200 bills containing the word “cybersecurity” were introduced during the current Congress and that ten of them have become law.